[php-maint] Bug#850158: Bug#850158: Use of uninitialized memory in unserialize()

Salvatore Bonaccorso carnil at debian.org
Wed Jan 4 16:13:09 UTC 2017


Hi Ondřej

On Wed, Jan 04, 2017 at 03:24:22PM +0100, Ondřej Surý wrote:
> Hi,
> 
> any web application that allows passing unsanitized data to
> unserialize() is doomed, so I don't really think that this requires
> immediate attention.
> 
> This will get fixed in a normal security cycle with next PHP release (or
> I'll add the patch on top of next release).

Yes that sounds fine.

Regards,
Salvatore



More information about the pkg-php-maint mailing list